Clone the stacks, and name and tag them accordingly.
Automate and schedule the deployment of a recipe or module that returns the servers back to compliance.
If the CI server supports using the already-defined AWS CLI scripts, that is the easiest way. If not, implementing the CLI commands in CloudFormation would be an option. Using OpsWorks would be the most complicated solution in this case, and infrequent large updates are not the best use case for OpsWorks.